Saturday, April 18, 2015

Managing Users in Active Directory Lightweight Directory Services using ADSIEdit

If you want to manage users for your Active Directory Lightweight Directory Services (AD LDS) instance using ADSIEdit, you may refer to these Microsoft TechNet articles:

Manage an AD LDS Instance Using ADSI Edit
https://technet.microsoft.com/en-us/library/cc794959%28v=ws.10%29.aspx

Use ADSI Edit to Manage an AD LDS Instance
https://technet.microsoft.com/en-us/library/cc731156.aspx

These articles will provide you with the necessary information to connect to your ADLDS instance using ADSIEdit, but what if you want to actually add users to ADLDS?

Well, this article addresses that question:

Add an AD LDS User to the Directory
https://technet.microsoft.com/en-us/library/cc772194.aspx

The problem with the above article, though, is that it does not address how to set the password for the newly created user!!

Fortunately, someone else wrote an article describing how to accomplish this (though a bit outdated):
http://sureshatt.blogspot.com/2012/06/using-adsiedit-tool-with-active.html

Once you have created your new user in ADLDS, you simply right click on the user and select "Reset Password"!

In addition, even after resetting the password, the user in ADLDS, by default, is still not enabled!  So you still have to enable the user account by setting the msDS-UserAccountDisabled attribute to FALSE:

Finally, the userPrincipalName attribute is still not set by going through the wizard, so that also has to be set manually:
Fortunately, there is a much easier way to accomplish all of these manual steps in ADSI Edit by using PowerShell:
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$true,Position=1)]
    [string]$ADName,        # display name and CN of the new user
    [Parameter(Mandatory=$true)]
    [string]$ADUPN,         # userPrincipalName, e.g. jdoe@adlds.com
    [Parameter(Mandatory=$true)]
    [string]$ADGivenName,
    [Parameter(Mandatory=$true)]
    [string]$ADSurname
)

# Example parameter values
#   ADName     John Doe
#   GivenName  John
#   Surname    Doe
#   UPN        jdoe@adlds.com

# New-ADUser comes from the ActiveDirectory module (RSAT). Passing host:port to
# -Server makes the cmdlet talk to the AD LDS instance instead of a domain controller.
Import-Module ActiveDirectory

$ADLDSServer = "MYADLDSServer:5000";
# Initial password given to every user this script creates. It is also marked as
# never expiring below, so change it (or prompt with Read-Host -AsSecureString)
# before using the script outside a lab.
$ADDefaultPwd = "P@ssword!";
$ADLDSPath = "CN=Roles,CN=AppPartition,DC=ADLDS,DC=COM";

Clear-Host
# One call covers all of the manual ADSI Edit steps: the password is set at creation,
# -Enabled $true takes care of msDS-UserAccountDisabled on AD LDS, and
# -UserPrincipalName fills in the attribute the wizard leaves empty.
New-ADUser -Name $ADName -DisplayName $ADName -Server $ADLDSServer -UserPrincipalName $ADUPN -GivenName $ADGivenName -Surname $ADSurname -AccountPassword (ConvertTo-SecureString $ADDefaultPwd -AsPlainText -Force) -Enabled $true -PasswordNeverExpires $true -Path $ADLDSPath

Using PowerShell to create ADLDS Users is definitely much, much nicer and simpler!!
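The script above creates a fresh user. The added example below is not from the original post; it covers the other situation the post describes, a user that was already created with the ADSI Edit wizard and still needs the three manual fixes (password reset, msDS-UserAccountDisabled cleared, userPrincipalName set), and then reads the attributes back to prove the change landed. The instance name, port, partition DN and account names are hypothetical placeholders, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example (not code from the original post): apply the three manual ADSI Edit
# steps to an existing AD LDS user and verify the result afterwards.
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$true)]
    [string]$ADName,                                   # CN of the existing user, e.g. "John Doe"
    [Parameter(Mandatory=$true)]
    [string]$ADUPN,                                    # e.g. jdoe@adlds.com
    [string]$ADLDSServer = "MYADLDSServer:5000",       # hypothetical instance host:port
    [string]$ADLDSPath   = "CN=Roles,CN=AppPartition,DC=ADLDS,DC=COM"  # hypothetical container
)

Import-Module ActiveDirectory -ErrorAction Stop

# The wizard creates the object in the container you were browsing, so the DN is
# predictable: CN=<name>,<container>.
$dn = "CN=$ADName,$ADLDSPath"

# 1. Reset the password. Prompting keeps it out of the script file and the console history.
$newPassword = Read-Host -Prompt "New password for $ADName" -AsSecureString
Set-ADAccountPassword -Identity $dn -Server $ADLDSServer -Reset -NewPassword $newPassword -ErrorAction Stop

# 2. Enable the account: AD LDS does not use userAccountControl, a new user stays
#    disabled until msDS-UserAccountDisabled is explicitly set to FALSE.
# 3. Set userPrincipalName, which the wizard leaves empty.
Set-ADUser -Identity $dn -Server $ADLDSServer -ErrorAction Stop -Replace @{
    'msDS-UserAccountDisabled' = $false
    'userPrincipalName'        = $ADUPN
}

# Read back exactly the attributes that were changed and fail loudly if either is still wrong.
$user = Get-ADUser -Identity $dn -Server $ADLDSServer `
    -Properties 'msDS-UserAccountDisabled', 'userPrincipalName' -ErrorAction Stop

$disabled = [bool]$user.'msDS-UserAccountDisabled'
if ($disabled -or ($user.userPrincipalName -ne $ADUPN)) {
    throw "Post-check failed for $dn : disabled=$disabled upn='$($user.userPrincipalName)'"
}

[PSCustomObject]@{
    DistinguishedName = $user.DistinguishedName
    Enabled           = -not $disabled
    UserPrincipalName = $user.userPrincipalName
}
```

Two things to keep in mind when running it: AD LDS by default refuses password operations over an unencrypted connection, so if the Set-ADAccountPassword call is rejected the fix is to talk to the instance over SSL rather than to relax that setting; and the read-back at the end is the same check you would otherwise do by reopening the object in ADSI Edit, so a non-zero exit here tells you the account is not yet usable.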